How To Fix A Faulty Server On A Linux Computer (Unix) On A Pc Or Mac (Windows) On An Unix Computer (Windows 2) On The Same Day (Apple) On 08/28/08 (Apple Mac)

Transcription

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

33

34 GET / HTTP/1.0 HTTP/ Bad Request Date: Thu, 28 Aug :24:58 GMT Server: Apache/ (Unix) mod_perl/1.29 mod_ssl/ OpenSSL/0.9.7g Connection: close Content-Type: text/html; charset=iso

35

36

37

38

39 /.../carlog argos.csi /.../carlog v0.1.3 Copyright(c) G Portokalidis Net tracker data: YES VERSION ARCH TYPE TIMESTAMP 0x02 i386 RET EAX ECX EDX EBX 0x x000a79e0 0x00085a0e 0x007df83c (0x ) (0x ) (0x ) (0x ) [ ] [ ] [ ] [ ] ESP EBP ESI EDI 0x007df79c 0x x x007df8a4 (0x ) (0x0bcd978c) (0x ) (0x ) [ ] [ ] [ ] [ ] EIP Faulty EIP EFLAGS 0x d 0x75879a8d 0x (0x0bcd9790) [ ]

40 /.../cargos-lib-0.1.3/bin/carlog argos.csi argos.netlog /.../cargos-lib-0.1.3/bin/carlog v0.1.3 Copyright(c) G Portokalidis

41 Net tracker data: YES VERSION ARCH TYPE TIMESTAMP 0x02 i386 RET EAX ECX EDX EBX 0x x77e79e1b 0x745b30e0 0x00ebfd50 (0x ) (0x ) (0x ) (0x ) [ 77046] [ 77046] [ 77046] [ 77046] ESP EBP ESI EDI 0x00ebf87c 0x x x (0x ) (0x0ba49868) (0x ) (0x ) [ 77046] [ ] [ 77046] [ 77046] EIP Faulty EIP EFLAGS 0x x745937d8 0x (0x0ba4986c) [411628]

42 >strings argos.csi [tP NTLMSSP.B#~.B#~ Xhttp:// :3311/x.exe Mozilla/4.0,0F4.beg.q )Fk7_ %**f Xhttp:// :3311/x.exe Mozilla/4.0,0F4.beg.q )Fk7_ %**f

43

44

45

46

47

48

49

50

51

52

53

54

55

56

57

58

59

60

61

62

63

64

65

66

67

68

69

70

71

72

73 #relayctl show sum Id Type Name Avlblty Status 1 relay http_relay active 1 table http_servers:80 active (5 hosts up) 1 host % down 2 host % up 3 host % up 4 host % up 5 host % up 6 host % up #relayctl show sum Id Type Name Avlblty Status 3 relay dce_relay active 3 table dce_servers:135 active (4 hosts up) 11 host % up 12 host % up 13 host % up 14 host % up

74

75

76

77

78

79

80

81

82

83

84

85

86

87

88

89

90

91

92

93

94

95

96

97

98

99

100

101

102

103

104 # file relayd.conf # $Id$ # # Macros # vm_host_1= "xxx.xxx.xxx.xxx" vm_host_2= "yyy.yyy.yyy.yyy"... vm_host_n= "zzz.zzz.zzz.zzz" admin_if= "vge0" admin_ip= " " ext_honeynet_if="em0" ext_honeynet_ip=" " int_honeynet_if="em1" int_honeynet_ip=" " loopback= "lo0" loopback_ip= " " # # Global Options # interval 20 timeout 1000 prefork 1 log updates # # tables # table <virtuel_machines> { $vm_host_1 $vm_host_2 \ $external_honeypot $webserver_tv $webserver_jst } # # protocols # protocol "myssh" { tcp { nodelay, socket buffer } } http protocol "http_add" {

105 } header append "$REMOTE_ADDR" to "X-Forwarded-For" header append "$SERVER_ADDR:$SERVER_PORT" to "X-Forwarded-By" # # relays # relay "http_relay" { listen on port 80 forward to <virtuel_machines> port 80 mode roundrobin check tcp } relay "ftp_relay" { listen on port 21 forward to <virtuel_machines> port 21 mode roundrobin check tcp } relay "ms_sql_relay" { listen on port 1433 forward to <virtuel_machines> port 1433 mode roundrobin check tcp } # file pf.conf # $Id: pf.conf,v /09/01 13:04:21 root Exp $ # The sample configuration redirects connections targerted to # the network /28 to the Windows 2000 Honeypot and # to the Windows XP Honeypot # In addition, connections to tcp/80 are redirected to the # application proxy gateway of the relayd load balancer ext_honeynet_if="em0" int_honeynet_if="em1" loopback_if= "lo0"... vm_winxp= " " vm_win2000= " "... # # rdr & nat section # # rdr-anchor for relayd, for host monitoring and server load balancing rdr-anchor "relayd/*" # redirect incoming honeynet packets to port 80 to # proxy listening at localhost port 8080, this is a # really layer 7 proxy implemented by relayd # (relayd listens on , so the connection

106 # is redirected by it) rdr pass on $ext_honeynet_if inet proto tcp \ from any to /28 port http -> port http rdr pass on $ext_honeynet_if inet proto tcp \ from any to /28 port ftp -> port ftp rdr pass on $ext_honeynet_if inet proto tcp \ from any to /28 port ms-sql-s -> port mssql-s... # redirect incoming honeynet-packets to vm_win2000 # network range: /28 rdr pass on $ext_honeynet_if inet proto { icmp tcp udp } \ from any to /28 -> $vm_win2000 # redirect incoming honeynet-packets to vm_winxp # network range rdr pass on $ext_honeynet_if inet proto { icmp tcp udp } \ from any to { / /24 } -> $vm_winxp... # anchor point for relayd - permits relayd to place its ouwn rules into # the ruleset. anchor "relayd/*"... # pass out all connections initiated by relayd pass out quick on $ext_honeynet_if from any to any user _relayd \ keep state \ label "$srcaddr:$srcport:$dstaddr:$dstport:$proto:$if"

107 resource services { # write IO is reported as completed, if we know it has reached # _both_ local and remote DISK. protocol C; # what should be done in case the cluster starts up in degraded # mode, but # knows it has inconsistent data. incon-degr-cmd "echo '!DRBD! pri on incon-degr' wall ; sleep 60 ; halt -f"; # Wait for connection timeout if this node was a degraded cluster. # In case a degraded cluster (= cluster with only one node left) is # rebooted, this timeout value is used. startup { degr-wfc-timeout 120; } # If the lower level device reports io-error, the node drops its # backing storage device, and continues in disk less mode. disk { on-io-error detach; } net { } syncer { # Limit the bandwith used by the resynchronisation process. rate 10M;

108 } # All devices in one group are resynchronized parallel. group 1; # Configures the size of the active set. al-extents 257; # Definition of devices on hosts on dbserver1 { device /dev/drbd0; disk /dev/sda7; address :7788; meta-disk internal; } } on dbserver2 { device /dev/drbd0; disk /dev/sda3; address :7788; meta-disk internal; } <master_slave id="ms_drbd" notify="true" globally_unique="false"> <meta_attributes id="ms_drbd_meta_attrs"> <attributes> <nvpair id="ms_drbd_meta_attrs_clone_max" name="clone_max" value="2"/> <nvpair id="ms_drbd_meta_attrs_clone_node_max" name="clone_node_max" value="1"/> <nvpair id="ms_drbd_meta_attrs_master_max" name="master_max" value="1"/> <nvpair id="ms_drbd_meta_attrs_master_node_max" name="master_node_max" value="1"/> <nvpair id="ms_drbd_meta_attrs_notify" name="notify" value="true"/> <nvpair id="ms_drbd_meta_attrs_globally_unique" name="globally_unique" value="false"/> </attributes> </meta_attributes> <primitive id="resource_drbd" class="ocf" type="drbd" provider="heartbeat"> <instance_attributes id="resource_drbd"> <attributes> <nvpair id="resource_drbd_attrs_drbd_resource" name="drbd_resource" value="services"/> </attributes> </instance_attributes> <operations>

109 <op id="op_drbd" name="monitor" interval="60s" timeout="20s" disabled="false" role="started" prereq="quorum" on_fail="restart"/> </operations> </primitive> </master_slave> <group id="group_openca"> <primitive class="ocf" type="filesystem" provider="heartbeat" id="resource_filesystem"> <instance_attributes id="resource_filesystem_instance_attrs"> <attributes> <nvpair id="resource_filesystem_instance_attr_fstype" name="fstype" value="ext3"/> <nvpair id="resource_filesystem_instance_attr_device" name="device" value="/dev/drbd0"/> <nvpair id="resource_filesystem_instance_attr_directory" name="directory" value="/services"/> </attributes> </instance_attributes> <operations> <op id="op_filesystem" name="monitor" interval="60s" timeout="20s" disabled="false" role="started" prereq="quorum" on_fail="restart"/> </operations> </primitive> <primitive id="resource_ip" class="ocf" type="ipaddr2" provider="heartbeat"> <instance_attributes id="resource_ip_instance_attrs"> <attributes> <nvpair id="resource_ip_instance_attr_ip" name="ip" value=" "/> <nvpair id="resource_ip_instance_attr_interface" name="nic" value="eth1:0"/> <nvpair id="resource_ip_instance_attr_cidr_netmask" name="cidr_netmask" value="28"/> </attributes> </instance_attributes> <operations> <op id="op_ip" name="monitor" interval="60s" timeout="20s" disabled="false" role="started" prereq="quorum" on_fail="restart"/> </operations> </primitive> <primitive id="resource_mysql" class="ocf" type="mysql" provider="heartbeat"> <instance_attributes id="resource_mysql_instance_attrs"> <attributes>

110 <nvpair id="resource_mysql_instance_attr_binary" name="binary" value="/usr/bin/safe_mysqld"/> <nvpair id="resource_mysql_instance_attr_config" name="config" value="/etc/my.cnf"/> <nvpair id="resource_mysql_instance_attr_datadir" name="datadir" value="/var/lib/mysql"/> </attributes> </instance_attributes> <operations> <op id="op_mysql" name="monitor" interval="60s" timeout="120s" disabled="false" role="started" prereq="quorum" on_fail="restart"/> </operations> </primitive> <primitive id="resource_apache" class="ocf" type="apache" provider="heartbeat"> <instance_attributes id="resource_apache_instance_attrs"> <attributes> <nvpair id="resource_apache_instance_attr_config_file" name="configfile" value="/etc/apache2/httpd.conf"/> <nvpair id="resource_apache_instance_attr_httpd" name="httpd" value="/usr/sbin/httpd2"/> <nvpair id="resource_apache_instance_attr_options" name="options" value="-d SSL"/> </attributes> </instance_attributes> <operations> <op id="op_apache" name="monitor" interval="60s" timeout="20s" disabled="false" role="started" prereq="quorum" on_fail="restart"/> </operations> </primitive> <primitive id="resource_openca" class="ocf" type="openca" provider="heartbeat"> <instance_attributes id="resource_openca_instance_attrs"> <attributes> <nvpair id="resource_openca_instance_attr_server_path" name="serverpath" value="/services/inst/openca/server"/> </attributes> </instance_attributes> </primitive> </group> # UDP port for communication udpport 694 autojoin none

111 crm true # Heartbeat via Ethernet: bcast eth0 # Heartbeat via serial line serial /dev/ttys0 baud # Members of cluster node dbserver1 node dbserver2 logfile /var/log/ha-log respawn root /sbin/evmsd apiauth evms uid=hacluster,root